Search Results

With the growing complexity and integration of systems as satellites, automobiles, aircrafts, turbines, power controls and traffic controls, as prescribed by SAE-ARP-4754A Standard, the time de-synchronization can cause serious or even catastrophic failures. Time synchronization is a very important aspect to achieve high performance, reliability and determinism in networked control systems. Such systems operate in a real time distributed environment which frequently requires a consistent time view among different devices, levels and granularities. So, to guarantee high performance, reliability and determinism it is required a performance evaluation of time synchronization of the overall system. This time synchronization performance evaluation can be done in different ways, as experiments and/or model and simulation.

Avionics Systems are increasingly used to perform safety-critical functions at high altitudes. But their increasing capacity and concentration of memory and logics leads to more frequent occurrences of single event upsets, especially in high altitudes. In this work we discuss the effects and mitigation of single event upsets on avionics systems to help in developing future requirements. To do that we initially present the concepts of radiation environment of the atmosphere, radiation induced errors, single event upsets, etc. Then, we discuss some of their effects on avionic systems and ways of mitigation. Finally, we discuss provisions to demand the adoption of such mitigation measures, and their sufficiency. This will help in developing future requirements to accomplish the objectives of a safe operation of civil transportation aircraft.

Avionics Systems are increasingly used to perform safety-critical functions at high altitudes. But their increasing capacity and concentration of memory and logics leads to more frequent occurrences of single event upsets, especially in high altitudes. In this work we discuss the process of eliciting and validating requirements to handle single events upsets in avionic systems. To do that we initially summarize and update the concepts of radiation environment of the atmosphere, radiation induced errors, single event upsets, etc. presented in a previous paper. Then, we discuss some of their effects on avionic systems and ways of mitigation, reported in the literature. Finally, we discuss provisions to demand the adoption of such mitigation measures, and their sufficiency by transforming them into requirements, according to recommendations of compliance described in standards as SAE ARP 4754A and RTCA DO-254.

There is an increasing demand to educate students on systems thinking and systems approaches at undergrad and graduate levels in colleges in India. Efforts are being made by industry, academia, and professional societies to join hands to bridge the gap. Specifically, there is significant emphasis on providing wholistic “live” case studies and examples to students to get their “hands dirty” on actual systems. One of the inhibitors on this aspect being faced, in the aerospace domain, is that actual examples are not available in the open literature as they are considered proprietary and/or confidential. This paper illustrates a framework for educating students on systems approaches and systems thinking in a near “live” scenario through a case of safety critical control system embedded with Artificial Intelligence (AI). With the recent advances in AI and increasing demands on embedding AI in complex aerospace systems, certification of such systems poses many hurdles and challenges.

Modern aircraft systems employ numerous processors to achieve system functionality. In particular, engine controls and power distribution subsystems rely heavily on software to provide safety-critical functionality, and are expected to move toward multicore architectures. The computing hardware-layer of avionic systems must be able to execute many concurrent workloads under tight deterministic execution guarantees to meet the safety standards. Single-chip multicores are attractive for safety-critical embedded systems due to their lightweight form factor. However, multicores aggressively share hardware resources, leading to interference that in turn creates non-deterministic execution for multiple concurrent workloads. We propose an approach to remove on-chip interference via a set of methods to spatio-temporally partition shared multicore resources.

Development of any safety critical software applications such as in the aerospace industry needs to comply to specific standards (DO-178) to meet airworthiness requirements. This standard is applicable to all airborne software. As such, the software development needs to perform certain verification activities to comply to the standard objectives. One of the verification activities is source code inspection or review to check that the implementation meets the specification captured in the form of requirements and other aspects such as coding style guidelines and documentation, such as, indentation used in code, sufficient comments or notes in the code files etc. Generally, this activity is carried out manually, supplemented by tools which are deployed to check errors and standards in the code by means of static analysis and practices such as test-driven development (TDD), wherein, the testing and analysis is done prior to the reviews.

In the paper at hand a model-based development approach for a diagnostic system for a multifunctional fuel cell system architecture will be presented. The approach consists primarily of four parts. The first part is a description of general steps needed to build an accurate component-based model of the system using a state of the art model-based diagnostic reasoning tool. As a first result there will be a static simulation model for nominal system behavior. The second part of the approach deals with the identification of safety critical failure conditions (SCFC) at a system level, e.g. low Power. The SCFCs are then mapped into the model. This means that categorized physical quantities and monitoring executives are chosen, that are appropriate for representing the specific SCFCs, e.g. low voltage at outlet of DC-DC converter module. According to step two there will be conflicts, meaning discrepancies between the simulated nominal and the mapped behavior.

Software certification guidelines, such as RTCA DO-178C, mandate the analysis of data and control coupling (DC/CC) in safety-critical avionics software using requirement-based testing. The intention of this analysis is to ensure correctness in the interactions and dependencies between software components. The shift from confirming the coupling (as in DO-178B) to verifying the exercising of the coupling (as introduced in DO-178C) transitions the DC/CC objective from an analytical exercise against the test design to a measurement exercise against the test execution. Current methodologies for measuring Data Coupling and Control Coupling (DC/CC) rely on source code instrumentation, which embeds code to record coverage information during requirements-based testing. However, this approach has significant drawbacks. Primarily, it necessitates executing tests on both the instrumented and non-instrumented versions of the code, ensuring their outputs match.

In order to demonstrate comprehensively for every cable to every flight safety critical equipment on an aircraft, that the qualification test levels were greater by a margin than the levels of induced threat on the aircraft, it is necessary to measure the current or voltage on all of those cables during whole aircraft tests. In this paper an approach is described which relies on a statistical distribution of induced threat amplitudes in the cables within an airframe to reduce the number of cable measurements needed, and fill in for cables that cannot be measured. The method also offers, for the first time, a viable approach to the substantiation of a similarity argument.

Aerospace Recommended Practice (ARP) 4754 Revision A (ARP4754A), Guidelines for Development of Civil Aircraft and Systems [1], and ARP4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment [2], together describe a complex set of intertwining processes which comprehensively prioritize development activities for a product's systems based on their safety criticality. These processes work at specific levels of detail (aircraft and system) and interact with a set of processes at lower levels of detail (item) defined by Radio Technical Commission for Aeronautics (RTCA) standards. The aircraft and system development process (ARP4754A) supplies functions, requirements, and architectural definitions to the System Safety process (ARP4761), which in turn supplies Development Assurance Levels back to the development process and on to the RTCA processes.

In Europe, over recent years, there has been a marked shift in the regulatory approach to ensuring system safety. Whereas compliance with prescriptive safety codes and standards was previously the norm, the responsibility has now shifted back onto the developers and operators to construct and present well reasoned arguments that their systems achieve acceptable levels of safety. These arguments (together with supporting evidence) are typically referred to as a “safety case”. This paper describes the role and purpose of a safety case (as defined by current safety and regulatory standards). Safety arguments within safety cases are often poorly communicated. This paper presents a technique called GSN (Goal Structuring Notation) that is increasingly being used in safety-critical industries to improve the structure, rigor, and clarity of safety arguments.

This SAE Aerospace Standard (AS) defines the items that shall be considered when creating a fiber optic cable assembly specification and source control drawing intended for installation on aerospace platforms.

This SAE Aerospace Standard (AS) defines the items that shall be considered when creating a fiber optic cable assembly specification and source control drawing intended for installation on aerospace platforms.

The Major Constituent Analyzer (MCA) is a mass spectrometer-based atmospheric monitoring instrument in the Laboratory Module of the International Space Station (ISS). The MCA is used for continuous environmental monitoring of 6 major gas constituents in the ISS atmosphere as well as safety-critical monitoring for special Environmental Control and Life Support (ECLS) operations such as Pre-Breathe in the Airlock for Extra-Vehicular Activities (EVAs) and oxygen re-pressurizations. For the latter, it is desirable to make most efficient use of consumables by transferring the maximum amount from O2 re-supply tanks on board the shuttle or Progress. The upper safety limit for O2 transfer is constrained by the MCA measurement error bands. A study was undertaken to tighten these error bands and afford NASA-Mission Operations Directorate (MOD) more operational flexibility.

RTCA DO-254/ EUROCAE ED-80 “Design Assurance Guidance for Airborne Electronic Hardware” is a widely accepted industry standard to ensure safety in avionics hardware. FAA and EASA have recognized DO-254 as an acceptable means of compliance with the applicable airworthiness regulations for the electronic hardware. While microprocessor based complex hardware utilization in safety critical avionic hardware are increasing and DO-254 compliance is mandated by the certification authorities, development of DO-254 compliant or safety certifiable hardware is becoming more and more important and provides competitive advantage in the industry. The avionics manufacturers need to correlate their existing processes and procedures with DO-254 in order to satisfy DO-254 objectives in their own quality management system structure, which may be challenging and tricky.

This AIR provides descriptions of aircraft actuation system failure-detection methods. The methods are those used for ground and in-flight detection of failures in electrohydraulic actuation systems for primary flight control. The AIR concentrates on full Fly-By-Wire (FBW) flight control actuation though it includes one augmented-control system. The background to the subject is discussed in terms of the impact that factors such as the system architecture have on the detection methods chosen for the flight control system. The types of failure covered by each monitoring technique are listed and discussed in general. The way in which these techniques have evolved is illustrated with an historical review of the methods adopted for a series of aircraft, arranged approximately in design chronological order.

The aerospace industry is facing immense challenges due to increased design complexity and higher levels of integration, particularly in the electrification of aircraft. These challenges can easily impact program cost and product time to market. System electrification and electromagnetic compatibility (EMC) have become critical issues today. In the context of 3D electromagnetics, EMC electromagnetic compatibility ensures the original equipment manufacturer (OEM) that radiated emissions from various electronic devices, such as avionics or the entire aircraft for that matter, do not interfere with other electronic products onboard the aircraft.

Open Standard Middleware Enables New HPEC Solutions Cooling Your Embedded System What Can Your Open Standard Architecture Handle? Evaluating Key Certification Aspects of Multicore Platforms for Safety Critical Avionics Applications Simulating and Analyzing Flow for an Air-to-Air Refueling System The Ins and Outs of Spaceflight Passive Components and Assemblies Development of High Quality 4H-SiC Thick Epitaxy for Reliable High Power Electronics Using Halogenated Precursors Silicon Based Mid-Infrared SiGeSn Heterostructure Emitters and Detectors Reconfigurable Electronics and Non-Volatile Memory Research Energy-Filtered Tunnel Transistor: A New Device Concept Toward Extremely Low Energy Consumption Electronics

DoD to Deploy Thousands of Low Cost Autonomous Systems Under Replicator Program Top Productivity Improvement Tips for Manufacturing Turbine Discs FACE Technical Standard Offers MOSA Lessons for Safety-Critical Software in Any Sector Adamant: A Soon-to-be Open Source, Mission-Critical Flight Software Framework Written in Ada Benefits and Challenges of Direct-RF Sampling for Avionic Platforms More Airports Test RF as Counter Measure for UAS in Restricted Airspace Adapting U.S. Army Acquisition to Ensure the Reliability and Safety of Autonomous Vehicles This report presents several challenges that the U.S. Army will face in the transition to autonomous vehicles, challenges that are only magnified in the current acquisition environment with limited testing. Artificial intelligence algorithms introduce additional complexity, resulting in systems with a complex combination of human, machine, and autonomous controllers.

Quality through closed-loop manufacturing Pratt & Whitney has employed automated part probing as part of its manufacturing process to provide final inspection, data collection and analysis, and process adjustment. A virtual fighter The Boeing Co. and Lockheed Martin Corp. use SGI's Origin 2000 servers and Silicon Graphics Onyx2 visual supercomputers to design their respective Joint Strike Fighter (JSF) demonstrators virtually. Modular aerospace controls Honeywell investigates a commercial off-the-shelf approach to the automated generation of safety-critical software for distributed control systems. Automated fuselage mating Brotje-Automation GmbH has developed an automated alignment facility designed to accurately position and align major aircraft fuselage sections.